D/C/B-Series Authentication with VLAN-Tunnel-based VLAN ID Fails: "TunnelPrivateGroupId0 length is greater than 4!"

  • 0
  • 1
  • Article
  • Updated 4 years ago
Article ID: 16031 

D-Series, firmware through
C5-Series, firmware through
C3-Series, firmware through
B5-Series, firmware through
B3-Series, firmware through 

Configured authentication to use the vlan-tunnel attributes in the RADIUS reply to assign a VLAN to the authenticating user.
That is, using 'set policy maptable response tunnel' or 'set policy maptable response both'. 

Upon authentication, the VLAN assignment does not take place.
The error log contains message "TunnelPrivateGroupId0 length is greater than 4!

The server is inappropriately padding the VLAN ID with a NULL character, which for VLAN values greater than 999 will cause the length of the ID to exceed the defined spec maximum. 

For the D-Series, upgrade to firmware or higher.
For the C5, C3, B5, or B3-Series, upgrade to firmware or higher.
Photo of FAQ User

FAQ User, Official Rep

  • 13,590 Points 10k badge 2x thumb

Posted 4 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.